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Amendment dated July 28, 2006 
First Preliminary Amendment 

AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions and listing of claims in this application. 

Claim 1. (Currently Amended) A method for transferring a first olectronic jgotjcey between 
a key provider system and a second other system via an information network comprising the steps 
of: 

a) encrypting the firste l e ctronic root key using a firste ncrvption super-root key of the key 
provider system ; 

b) providing within the second other system a first secure module having a second 
e ncryption super - root key within a read-only memory circuit thereof and provided with the first 
secure module, the seconde ncrvption super-root key accessible only by program code being 
executed on a processor internal to the first secure module, and wherein the seconde ncryption 
super-root k ey is other than modifiable and other than accessible outside of the module; 

c) transferring the encrypted first el e ctronic root key from the key provider system to the 
second other system via the information network; 

d) providing the encrypted firste l e ctronic root key to the processor internal to the first 
secure module of the second other system; and, 

e) executing program code on the processor internal to the first secure module to decrypt the 
encrypted firste l e ctronic root key using the seconde ncryption super-root key stored within the 
read-only memory circuit of the first secure module and to store the decrypted first el e ctronic root 
key internally within a secure key memory location of the first secure module , wherein the first root 
key is useable for at least one of encrypting and decrypting private keys, and wherein a bit length of 
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the first super - root key is greater than a bit length of the first root key, and said bit length of the first 
root key is greater than a bit length of any of said private keys . 

Claim 2. (Previously Presented) The method according to claim 1 wherein the processor 
internal to the module accesses the second oncryption super-root key only for decrypting 
encrypted el e ctronic root keys, wherein the decrypted e l e ctronic root keys are then stored within the 
module inaccessible outside the secure module. 

Claim 3. (Original) The method according to claim 2 wherein the step (a) is performed in a 
corresponding secure module. 

Claim 4. (Previously Presented) The method according to claim 3 wherein the processor 
internal to the module accesses the seconde ncrvption super-root key only in response to a request 
from a corresponding secure module. 

Claim 5. (Previously Presented) The method according to claim 4 wherein the second 
encryption super-root key and the first oncrvption super-root key are the private and public portions 
of an asymmetric private/public-key pair, respectively. 
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Claim 6. (Previously Presented) The method according to claim 4 wherein the second 
e ncrvption super-root key and the first encryptio n super-root key are a same private key for use with 
a symmetric key-based encryption algorithm. 

Claim 7. (Previously Presented) The method according to claim 6 comprising the additional 
step prior to step a) of: 

al) generating a first e l e ctronic root key within a key-generating processor internal to the key 
provider system. 

Claim 8. (Original) The method according to claim 7 wherein the key-generating processor 
is embodied on the corresponding secure module. 

Claim 9. (Currently Amended) The method according to claim 6 wherein the first el e ctronic 
root key is is a root k e y for us e useable for- in at least one of encrypting and decrypting private 
encryption keys. 

Claim 10. (Currently Amended) A method for transferring a first e l e ctronic root key between 
a key provider system and a second other system via an information network comprising the steps 
of: 

a) encrypting the first e l e ctronic root key using a first oncrvption super-root key of the key 
provider system ; 
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b) providing within the second other system a first secure module having second and third 
e ncrvption super-root keys within a memory circuit thereof, the second and third encryption super- 
root keys accessible only by program code being executed on a processor internal to the first secure 
module for decrypting encrypted olectronic root keys and for storing the decrypted e l e ctronic root 
keys within a memory circuit of the first secure module, and wherein the second and third 
e ncrvptio n super-root keys are other than accessible outside of the module; 

c) transferring the encrypted first e l e ctronic root key from the key provider system to the 
second other system via the information network; 

d) providing the encrypted first e l e ctronic root key to the processor internal to the first secure 
module of the second other system; and, 

e) executing program code on the processor internal to the first secure module to decrypt the 
encrypted first el e ctronic root key using the second e ncryptio n super-root key stored within the 
memory circuit of the first secure module and to store the decrypted first e l e ctronic root key 
internally within a secure key memory location of the first secure module , wherein the first root key 
is useable for at least one of encrypting and decrypting private keys, and wherein a bit length of the 
first super-root key is greater than a bit length of the first root key, and said bit length of the first 
root key is greater than a bit length of any of said private keys . 
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Claim 11. (Previously Presented) A method for transferring a first e l e ctronic root key 
between a key provider system and a second other system via an information network according to 
claim 10 comprising the steps of: 

f) encrypting a fourth e ncrvption super-root key using one of the third e ncrvption super-root 
key and a key corresponding to the third e ncrvptio n super-root key; 

g) transferring the encrypted fourth e ncrvption super-root key from the key provider system 
to the second other system via the information network; 

h) providing the encrypted fourth e ncrvptio n super-root key to the processor internal to the 
first secure module of the second other system; and, 

i) executing program code on the processor internal to the first secure module to decrypt the 
encrypted fourth e ncrvption super-root key using the third e ncrvption super-root key stored within 
the memory circuit of the first secure module and to store the decrypted fourth e ncrvption super-root 
key within the memory circuit of the first secure module at a location corresponding approximately 
to the location where the second e ncrvption super-root key was stored. 

Claim 12. (Previously Presented) The method according to claim 1 1 wherein the second and 
third encrvption super-root keys are only replaceable through use of another of the second and third 
encrvption super-root keys. 
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Claim 13. (Previously Presented) The method according to claim 12 wherein the second, 
third and fourth oncryption super-root keys are sup e r root k e ys useable for at least one of encrypting 
and decrypting root keys. 

Claim 14. (Previously Presented) The method according to claim 11 wherein the step of 
storing the decrypted fourth encrvption super-root key comprises the steps of: 

11) erasing the second e ncrvptio n super-root key from a first storage area of the memory 
circuit; and, 

12) storing the decrypted fourth e ncrvption super-root key within approximately the same 
first storage area of the same memory circuit. 

Claim 15. (Previously Presented) A system for transferring a secure e l e ctronic root key 
between a key provider system and a second other system via an information network that is other 
than secure comprising a secure module in operative communication with the second other system, 
the secure module including: 

an encryption processor; 

an input port for receiving encrypted electronic data from outside the module and for 
providing the encrypted electronic data to the encryption processor; 

a memory circuit in operative communication with the encryption processor for storing at 
least a first encrvptio n super-root key; 

memory storage having program code stored therein and executable on the encryption 
processor for, upon receipt of an encrypted secure e l e ctronic root key, decrypting the encrypted 
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secure olectronic root key using the at least a first e ncrvption super-root key and for storing the 
decrypted secure olectronic root key within the memory circuit, the at least a first e ncrvptio n super- 
root key being other than accessible by any code other than the program code and being other than 
modifiable thereby , wherein the secure root key is useable for at least one of encrypting and 
decrypting private keys, and wherein a bit length of the first super-root key is greater than a bit 
length of the secure root key, and said bit length of the secure root key is greater than a bit length of 
any of said private keys . 

Claim 16. (Previously Presented) The system according to claim 15 wherein the code 
executable on the encryption processor accesses the at least a first encrvption super-root key only in 
response to a request from a corresponding secure module. 

Claim 17. (Original) The system according to claim 16 wherein the code executable on the 
encryption processor is only for performing encryption functions the results of which are 
inaccessible outside of the module. 

Claim 18. (Previously Presented) The system according to claim 17 wherein the memory 
circuit for storing the at least a first oncrvptio n super-root key is a read-only memory circuit. 
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Claim 19. (Original) The system according to claim 18 wherein the module is FIPS 140 
compliant. 

Claim 20. (Previously Presented) The system according to claim 19 wherein the module 
includes a tamper detection circuit for erasing the first crvpto graphic super-root key in dependence 
upon a detected attempt to access the electronic contents of the module in an unauthorized fashion. 

Claim 21. (Previously Presented) A system for transferring a secure e l e ctronic root key 
between a key provider system and a second other system via an information network that is other 
than secure comprising a secure module in operative communication with the second other system, 
the secure module including: 

an encryption processor; 

an input port for receiving encrypted electronic data from outside the module and for 
providing the encrypted electronic data to the encryption processor; 

a memory circuit in operative communication with the encryption processor for storing a 
first encrvption super-root key within a first memory location thereof and for storing a second 
e ncrvptio n super-root key within a second other memory location thereof; 

memory storage having program code stored therein and executable on the encryption 
processor for, upon receipt of an encrypted third e ncrvption super-root key from the second other 
system, decrypting the encrypted third encrvption super-root key using one of the first and second 
e ncrvption super-root keys and for storing the decrypted third e ncrvption super-root key at a memory 
location corresponding to the other one of the first and second e ncrvption super-root keys, the first 
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and second oncrvption super-root keys being oth e r than accessible only by any cod e oth e r than the 
program code and being oth e r than m odifiable abs e nt e rasing thereof only by any cod e oth e r than 
the program code for all modifications excluding erasure, wherein the secure root key is useable for 
at least one of encrypting and decrypting private keys, and wherein a bit length of the first super- 
root key is greater than a bit length of the secure root key, and said bit length of the secure root key 
is greater than a bit length of any of said private keys. 

Claim 22. (Original) The system according to claim 21 wherein the code executable on the 
encryption processor accesses the first and second e ncryptio n super-root keys only in response to a 
request from a corresponding secure module. 

Claim 23. (Original) The system according to claim 22 wherein the code executable on the 
encryption processor is only for performing encryption functions the results of which are 
inaccessible outside of the module. 

Claim 24. (Previously Presented) The system according to claim 23 wherein the memory 
circuit for storing the first and second e ncryptio n super-root keys is a substantially non-volatile 
reprogrammable memory circuit. 
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Claim 25. (Previously Presented) The system according to claim 24 wherein the 
substantially non-volatile reprogrammable memory circuit is one of an electrically erasable 
programmable read-only memory (EEPROM) circuit and a random access memory (RAM) circuit 
having an on-board power supply in the form of a battery. 

Claim 26. (Original) The system according to claim 25 wherein the module is FIPS 140 
compliant. 

Claim 27. (Original) The system according to claim 26 wherein the module includes a 
tamper detection circuit for erasing every cryptographic key stored within the memory circuit in 
dependence upon a detected attempt to access the electronic contents of the module in an 
unauthorized fashion. 

Claim 28. (New) The method according to claim 1 wherein the bit length of the first 
super - root key is between about 2048 bits and about 4096 bits, the bit length of the first root key is 
between about 512 bits and about 2048 bits , and t he bit length of any of said private keys is between 
about 128 bits and about 1024 bits. 
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Claim 29. (New) The method according to claim 10 wherein the bit length of the first 
super - root key is between about 2048 bits and about 4096 bits, the bit length of the first root key is 
between about 512 bits and about 2048 bits , and the bit length of any of said private keys is between 
about 128 bits and about 1024 bits. 

Claim 30. (New) The system according to claim 15 wherein the bit length of the first 
super - root key is between about 2048 bits and about 4096 bits, the bit length of the first root key is 
between about 512 bits and about 2048 bits , and the bit length of any of said private keys is between 
about 128 bits and about 1024 bits. 

Claim 31. (New) The system according to claim 21 wherein the bit length of the first 
super - root key is between about 2048 bits and about 4096 bits, the bit length of the first root key is 
between about 512 bits and about 2048 bits , and the bit length of any of said private keys is between 
about 128 bits and about 1024 bits. 
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